strongbox-password-safe / Strongbox

A KeePass/Password Safe Client for iOS and OS X
https://strongboxsafe.com
GNU Affero General Public License v3.0
1.29k stars 100 forks

Feature Request: Automatically prompt for Hardware Key (yubikey) and disable password input if we opt for it #781

Open AndreaHasani opened 1 month ago

AndreaHasani commented 1 month ago

I think it would be a really nice quality of life improvement if we can have a database specific setting that would prompt for the Hardware Key if it was used while creating the database. Also in case the database does not use a password, we can just disable that field (since it's using a hardware key, so the field is not needed if it was not used with both).

strongbox-mark commented 1 month ago

Hi @AndreaHasani - Not sure I understand your request. Can you give more detail, iOS/macOS?

This should work for you on both platforms by using Face/Touch ID, you will be prompted for your hardware key in both cases with no request for password.

So we need more detail here as it isn't obvious what you might mean.

AndreaHasani commented 1 month ago

Yeah, if unlock via Touch ID or Face ID is enabled and auto-prompt for that is enabled, it will ask for the YubiKey challenge response.

My point is to do that without needing to enable face/touch ID auto-prompt.

Basically send challenge-request the moment a database locked with YubiKey is created. It can probably store that in its own settings (basically mark x database to automatically send challenge-request when it's tried to open).

strongbox-mark commented 1 month ago

Sure, I presume the issue is that you don't want to Touch ID on your Mac because it is in Clam Shell mode or something?

Just trying to understand this feature because a Touch ID request for unlock doesn't seem like too much of an inconvenience?

And again, please specify macOS or iOS? Guessing macOS here.

AndreaHasani commented 1 month ago

I mostly tested on macOS in Clam Shell mode where Touch ID is not available, even if it was, I think it's a good idea to separate these features since a user might want just to have a YubiKey and nothing else.

Since YubiKeys are quite strong, there's no need for something else to open the database, so even in iOS it makes sense to have it separated and not needing the Face ID.

I mean on iOS it's not a big deal, having the Face ID and then asking for the key does not take a lot of time since the user is probably looking at the screen, but on macOS Clam Shell mode the user needs to open the laptop etc.